Vulnerabilities | News, how-tos, features, reviews, and videos
PKfail: An AMI Platform Key discovered on GitHub led researchers to uncover test keys in firmware images from major PC and server vendors, something hackers could exploit if leaked to gain kernel control.
Although a patch was issued for a previous version, subsequent versions did not include it, leading to regression.
The vulnerability is being used by threat actors to spread multiple LNK files to download stealer payloads.
Although the court dismissed most of the SEC’s charges in its lawsuit against SolarWinds, the by far most serious charge – securities fraud by both the company and its CISO – survived. CISOs have little reason to celebrate.
Flaws enable attackers to perform remote code execution without admin privileges. All users are encouraged to update to Version 2024.3 as soon as possible.
No exploits detected but admins warned to update to fixed version.
Last week’s patched Microsoft file spoofing flaw has been exploited in the wild by APT group Void Banshee by resurrecting Internet Explorer without the user’s knowledge.
Meltdown and Spectre raised the alarm over vulnerabilities that attackers can exploit in popular hardware. This list, though not comprehensive, presents the most significant CPU and DRAM threats.
The group — also known as Kryptonite Panda, Gingham Typhoon, Leviathan, and Bronze Mohawk — is believed to be working for China’s Ministry of State Security.
The Indirector attack discovered by University of California San Diego researchers focuses on the indirect branch predictor of a CPU.